Archive for June, 2007

CSS Image Replacement Being Used As Phishing Tool on MySpace?

Tuesday, June 12th, 2007


SecurityFocus recently reported that the number of page views garnered by fraudulent sites climbed by a factor of five in March and April, fueled by a phishing scheme targeting MySpace users.

Nature of the Attack

According to the report:

The attack used a modification to the style sheet of a user’s profile to place a transparent image over the page, causing a click on a link — or anywhere else on the page — to redirect the visitor to a fake MySpace login page…

While a MySpace account does not have any intrinsic monetary value, phishers had come up with ways to monetize this attack… We observed hijacked accounts being used to spread bulletin board spam for some advertising revenue. -Colin Whittaker of Google’s Anti-Phishing Team

Read more…

Image to Text Converters: Revisiting the Old School Through ASCII Art

Monday, June 11th, 2007


I was browsing through a couple of Web sites earlier to check for software updates when suddenly, a word struck me: ASCII. ASCII is simply a character encoding based on the English alphabet. When graphical representations are made out of it, ASCII art is produced. I remembered a film I watched a year ago entitled BBS: The Documentary by Jason Scott Sadofsky. It’s an 8-episode documentary about the subculture born from the creation of the BBS and there was a portion where the ANSI Art Scene was featured. I realized back then that computer graphics became widespread not when the first version of Photoshop or CorelDraw arrived, but during the 1970s, when telegraphers had a lighter workload (specifically on Christmas day). They would pass ASCII art to their fellow telegraphers as a form of leisure. Nowadays, we rarely see ASCII art except in text files associated with cracks and warez groups.

Read more…

Defeating Key Loggers with Common Sense

Saturday, June 9th, 2007


I read an interesting story in an article in 2600: The Hacker Quarterly a while ago. The author, who goes by the name Xyzzy, narrated his experience with the security holes he came across at Time Warner Cable.

Nature of the Hack

It all began when a schedule was set to fix intermittent downtime on Xyzzy’s cable Internet connection. To his amazement, the technician sat down at his laptop and started checking whether his connection was already fixed. Apparently, the technician used a Web browser and opened a URL that’s exclusively used by his company. He then logged on to the page (using his username and password) to check his customer’s status. Afterwards, he closed the browser window and confirmed that the connection was already fixed.

Read more…

Emergency Update for Yahoo! Messenger

Saturday, June 9th, 2007


Secunia reported 2 security advisories yesterday regarding vulnerable components (DLL) in the Yahoo! Messenger instant messaging program. Secunia rated these vulnerabilities as extremely critical. In response, Yahoo! has released an emergency patch today.

Description

  1. A boundary error within the Yahoo! Webcam Upload (ywcupl.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Send()” method.
  2. A boundary error within the Yahoo! Webcam Viewer (ywcvwr.dll) ActiveX control can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the “Server” property and then calling the “Receive()” method.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

The vulnerabilities are confirmed in version 8.1.0.249. Other versions may also be affected.

Solution

Update to the latest version.

Current Version: 8.1.0.401
Yahoo! Messenger Download Page

Book Recommendation: Web Standards Creativity

Friday, June 8th, 2007

Web Standards Creativity: Innovations in Web Design with XHTML, CSS, and DOM Scripting

by Andy Budd, Andy Clarke, Ian Lloyd, Cameron Adams, Rob Weychert, Ethan Marcotte, Dan Rubin, Jeff Croft, Mark Boulton, Simon Collison, Derek Featherstone

Read more…

How Much Do Bloggers Care About Web Standards?

Thursday, June 7th, 2007


After reading an article from A List Apart about the 12 Lessons for Those Afraid of CSS and Standards by Ben Henick, I wonder if bloggers, especially those using standalone installations, are beginning to appreciate the power of CSS and Web standards. Despite all the fuss about content being king and content management systems becoming easier to use, do bloggers even care to click on their Valid XHTML and Valid CSS footer links? What does content really mean to them?

Read more…

5 Ways to Test Web Pages Across Several Web Browsers

Thursday, June 7th, 2007

It took me three weeks to code Project Afterlight Burnt Edition. In the first week, I made sure that my design displayed properly in Firefox 2. Luckily, it did. However, I wouldn’t want my Web pages to be viewable only in Firefox. What about in different versions of Internet Explorer? What about Opera, Safari and Konqueror? Without support for these browsers, I’ll surely lose 70% of my readership. So in the second week, I began altering my CSS code to accommodate Opera 9.21 Web browsers. A few minor adjustments here and there, then it was fixed. Little did I know that my ordeal had just begun.

Read more…